Trend Micro Discovers new Adobe Flash zero-day exploit used in malvertisements

Updated: 25 Apr 2016

Product/Version:
    • Deep Discovery 3.0
    • Deep Discovery 3.1
    • Deep Discovery 3.2
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • OfficeScan 10.6
    • OfficeScan 11.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0

Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit

Summary

The Trend Micro research team has discovered a new zero-day exploit in Adobe Flash used in a malvertisement attack. The exploit affects the most recent version of Adobe Flash and is identified as CVE-2015-0313.

Please note that this is not the same Adobe Flash zero-day exploit that was reported on January 23, 2015.

Visitors of the popular site dailymotion.com were directed to a series of sites that eventually led to a compromised URL where the exploit itself was hosted. Trend Micro detects this exploit as SWF_EXPLOIT.MJST and blocks the related URL.

Details

Trend Micro’s primary recommendation to users when vulnerabilities such as this one are discovered is to apply a vendor-issued patch as soon as possible; however, as of the time of this writing, Adobe has not yet released an official patch or fix for this issue.

Trend Micro is continuously monitoring other attacks related to this zero-day. The exploit affects the latest version of Flash, 16.0.0.296, and all earlier versions. Trend Micro’s recommendation to users is to disable or block affected versions of Flash Player until a fixed version is released; we are working closely with Adobe to ensure a patch addressing this vulnerability will be available this week.

Fortunately, Trend Micro has some solutions that already provide protection against this threat:

  1. The Browser Exploit Prevention (BEP) feature in Trend Micro Endpoint solutions (such as Trend Micro Worry-Free Business Security and Trend Micro OfficeScan) blocks the exploit when the URL hosting it is accessed. BEP also protects against other exploits that target browsers or related plugins.
  2. Trend Micro Deep Security, Vulnerability Protection (formerly the IDF plug-in for OfficeScan), and Deep Discovery customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro will be releasing the following rules and patterns for proactive protection:
    • Deep Security rule DSRU15-004
    • Deep Packet Inspection (DPI) rule 1006468 for Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers; and
    • The existing Sandbox and Script Analyzer engine that is part of Deep Discovery can also be used to detect this threat, without any engine or pattern update.
  3. Administrators looking to block Flash can specifically block the affected versions from running, or even lock down their endpoints so that only specific applications and their updates can run, using Trend Micro Endpoint Application Control. Such a lockdown policy blocks all unwanted applications (e.g. any malware) from executing on the endpoint.
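Both the recommendation to disable or block affected Flash versions and the application-control approach in item 3 depend on knowing which endpoints still run 16.0.0.296 or earlier. The Python script below is an added example, not part of this article or of any Trend Micro product: it triages a constructed inventory export (hostname plus the version string as read from the registry or from the plugin file name; the Flash32_*.ocx / NPSWF32_*.dll naming patterns are assumed) and flags every host at or below the affected ceiling using numeric rather than string comparison.

```python
import re
from typing import List, Optional, Tuple
Version = Tuple[int, int, int, int]

# Highest Flash Player build the advisory names as affected by CVE-2015-0313.
# No fixed build had shipped at the time, so everything at or below it is vulnerable.
AFFECTED_MAX: Version = (16, 0, 0, 296)

# Flash reports its version in several shapes: registry style "16,0,0,296",
# dotted "16.0.0.296", or inside a plugin file name such as Flash32_16_0_0_296.ocx
# (file naming pattern assumed from typical installs, not taken from the advisory).
# The trailing lookahead stops "Flash32_16_0_0_296" from matching as 32.16.0.0.
_VERSION_RE = re.compile(r"(\d+)[.,_](\d+)[.,_](\d+)[.,_](\d+)(?![.,_]?\d)")

def parse_flash_version(text: str) -> Optional[Version]:
    """Return the four-part version found in text as integers, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, rev, build = (int(p) for p in m.groups())
    return (major, minor, rev, build)

def is_affected(version: Version) -> bool:
    """Numeric compare: a string compare would rank "9.0.0.124" above "16.0.0.296"."""
    return version <= AFFECTED_MAX

def triage_inventory(lines: List[str]) -> List[Tuple[str, Optional[Version], bool]]:
    """Map 'host<TAB>version-source' lines to (host, version, affected).
    Hosts with no parseable version get None and are left for a manual check."""
    results = []
    for line in lines:
        host, _, source = line.strip().partition("\t")
        version = parse_flash_version(source)
        results.append((host, version, version is not None and is_affected(version)))
    return results

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    "ws-001\t16,0,0,296",              # exactly the latest affected build
    "ws-002\tFlash32_16_0_0_287.ocx",  # ActiveX control, older build
    "ws-003\tNPSWF32_9_0_0_124.dll",   # NPAPI plugin, far older, still affected
    "ws-004\t16.0.0.305",              # hypothetical later build, above the ceiling
    "ws-005\tno flash installed",
]

if __name__ == "__main__":
    for host, version, affected in triage_inventory(SAMPLE_INVENTORY):
        shown = ".".join(map(str, version)) if version else "n/a"
        print(f"{host}\t{shown}\t{'BLOCK' if affected else 'ok'}")
```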

Trend Micro always highly recommends that critical vendor patches be applied as soon as possible upon release. Customers and partners who need additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance.

Category:
Troubleshoot; Remove a Malware / Virus
Solution Id:
1107715